Total
3575 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-46114 | 1 Jpress | 1 Jpress | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | |||||
CVE-2021-40373 | 1 Playsms | 1 Playsms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. | |||||
CVE-2021-33816 | 1 Dolibarr | 1 Dolibarr | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. | |||||
CVE-2021-43221 | 1 Microsoft | 1 Edge Chromium | 2024-02-04 | 4.0 MEDIUM | 4.2 MEDIUM |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
CVE-2021-32650 | 1 Octobercms | 1 October | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround. | |||||
CVE-2021-3725 | 1 Planetargon | 1 Oh My Zsh | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin. | |||||
CVE-2021-38448 | 1 Trane | 6 Ascend Air-cooled Chiller Acr, Intellipak 1, Intellipak 2 and 3 more | 2024-02-04 | 4.6 MEDIUM | 7.6 HIGH |
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. | |||||
CVE-2021-39979 | 1 Huawei | 1 Harmonyos | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may affect HHEE system integrity. | |||||
CVE-2021-46118 | 1 Jpress | 1 Jpress | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | |||||
CVE-2021-38967 | 1 Ibm | 1 Mq Appliance | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. | |||||
CVE-2022-22285 | 2 Google, Samsung | 2 Android, Reminder | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
CVE-2021-42057 | 1 Obsidian | 1 Obsidian Dataview | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases. | |||||
CVE-2020-20124 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | |||||
CVE-2021-37079 | 1 Huawei | 1 Harmonyos | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission. | |||||
CVE-2021-40499 | 1 Sap | 1 Netweaver Application Server Abap | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
CVE-2022-23614 | 3 Debian, Fedoraproject, Symfony | 3 Debian Linux, Fedora, Twig | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade. | |||||
CVE-2021-36985 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
There is a Code injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart. | |||||
CVE-2021-39402 | 1 Maianmedia | 1 Maianaffiliate | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
MaianAffiliate v.1.0 suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors. | |||||
CVE-2021-42296 | 1 Microsoft | 2 365 Apps, Office | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
Microsoft Word Remote Code Execution Vulnerability | |||||
CVE-2020-21651 | 1 Myucms Project | 1 Myucms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. |